Analysis
max time kernel: 59s
max time network: 147s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 13:33
Static task: static1
Behavioral task: behavioral1
  Sample: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
Size: 1.6MB
MD5: 676de1ccdd5f6903223a8fdef576a160
SHA1: a15e58ea0fb6a13e68f107b74b56766deef4e4e0
SHA256: c3bf4bea9d57ac1d1a1ac6132967f3b4ced8930ca84753a50c982f6aa5d819ed
SHA512: da5d4ebe0f6ab42c1e8f9b8008599ea53454608908deae9ba8a7537347c071a8272bc6d9575fbfda2a0d1a0d721ff1627817d621ea52a3762830617c03eff0af
SSDEEP: 24576:ERx2F5mWlHY02U7mokJlhv79uSXvBQKHJfiIzkPySm02xA5ZpGWSG9vGtt48M:EH2F75Y02Dlhv79uSfympgqSm02We1G
Malware Config
Signatures
Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | xqxxuiz.msdcfphykahx.uanptwppgkrh
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | xqxxuiz.msdcfphykahx.uanptwppgkrh

Removes its main activity from the application launcher
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
pid | process
4248 | xqxxuiz.msdcfphykahx.uanptwppgkrh

Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
ioc | pid | process
/data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc | 4248 | xqxxuiz.msdcfphykahx.uanptwppgkrh

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Framework service call | android.app.IActivityManager.setServiceForeground | xqxxuiz.msdcfphykahx.uanptwppgkrh

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | xqxxuiz.msdcfphykahx.uanptwppgkrh

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Requests enabling of the accessibility settings. (1 IoC)
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | xqxxuiz.msdcfphykahx.uanptwppgkrh

Acquires the wake lock (1 IoC)
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | xqxxuiz.msdcfphykahx.uanptwppgkrh

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | xqxxuiz.msdcfphykahx.uanptwppgkrh

Reads information about phone network operator. (1 TTP)

Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTP, 1 IoC)
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | xqxxuiz.msdcfphykahx.uanptwppgkrh

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
Processes: xqxxuiz.msdcfphykahx.uanptwppgkrh
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | xqxxuiz.msdcfphykahx.uanptwppgkrh
Processes
xqxxuiz.msdcfphykahx.uanptwppgkrh
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Checks if the internet connection is available
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Matrix
Downloads
/data/data/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/oat/zijfksgpbdc.cur.prof
Filesize: 439B
MD5: 939b1070790f9b007a31c0939c57fad0
SHA1: a255b38d17bcfd7280aeeb18705421d817d9b248
SHA256: bc777c470b5422852a3f5ecf9125ba23cda6f087f08a077172e86f94190a94cd
SHA512: 1ca39550f92419ec18d99a066391ad95e35cc19a0eaa9ab7b8a383e7ea9750fe2a89ed973bcda0db5144b6b4d61bdbbe2104f0e9a568263f4ee5e70fe86ad4e5

/data/data/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc
Filesize: 275KB
MD5: abd19690bd4cd05ca98a566a7fe4d557
SHA1: ce029ac4c59353df2ce4cd7ca8e4e5a9f4dac16a
SHA256: 8b7bc1673a915853b7a849e2ee2e68a812564588103a7d6cdede905b4a5b502d
SHA512: 4be945568e6adcbd395aa3fe011e25443a1904421222d6dcae622efedba38abde45d5fcb794a4a3bddc859124747babfc9359505d4882e85e6c42d72fe33d849

/data/data/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc
Filesize: 275KB
MD5: 4780a37e525123b13fa158914394bbcc
SHA1: cd004f6d3dff23e776520a81ecbd47f6f03f8761
SHA256: 3e590545bcfe6bed7085bd65f713c97eb21169098c8bdab38aab7adad1d966a2
SHA512: 5e1690a9f81fab02489ef3561d966f21a18588ced06b30a1f45836bf0f52a246144559d5f0fb289b7a14ed4dba7b864071d2ac08d0fec72c220e87c85b439f10

/data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc
Filesize: 409KB
MD5: 7ddd2875efeedc769bbf25e30bf87e7f
SHA1: 699b1097d2e14088d24bcd622580d3665a822a49
SHA256: ae32636299b27f1e7166b2854778bc1ddb31504d4e089cff03fb8ef79533b43c
SHA512: 0a6892cb3ef38a911c4c80905d2da454e502d7e442c23ea0217b1fe6ae8ab4329490a1367d70d36630be33702ff2dbdc7f9bbcee805974d3c84dd252ab2f9988